locked
How to disable Microsoft malicious software removal tool RRS feed

  • Question

  • Please,

    can anyone tell me how to disable Microsoft malicious software removal tool KB890830 from being downloaded and instaled every mounth

    via WSUS. We already have the antivirus solution implemented and I don't need this bandwidth eater. I can decline it but don't want to do it

    every mounth.

    • Changed type Tim Quan Monday, May 16, 2011 3:43 AM
    Thursday, May 12, 2011 8:00 AM

Answers

  • can anyone tell me how to disable Microsoft malicious software removal tool KB890830 from being downloaded and instaled every mounth via WSUS.

    Don't Approve it?

    The only way the MSRT is being downloaded and installed (automatically?) every month is because you have it configured with an automatic-approval rule (or somebody is actually approving it manually).

    The MSRT is released into the Update Classification "Update Rollups". There is sufficient other conversations in this forum regarding the pros and cons of auto-approving the "Update Rollups" classification. You've just identified another (at least from your perspective) -- personally I think the presence of the MSRT is a great reason for auto-approving "Update Rollups" -- there are, however, more significant reasons for not doing so.

    Another approach, since your motiviation seems to be driven by bandwidth considerations (perphaps because of sites with constrained bandwidth issue), would be to restrict the approvals to only LAN-based target groups. Ergo, if they don't already exist, create WSUS Target Group(s) that contain only machines not on low-bandwidth connections, and approve the MSRT only for that group.

    We already have the antivirus solution implemented and I don't need this bandwidth eater.

    Well, one AV solution should never be considered sufficient, and I think a bit of investigation would find that characterizing that update as a "bandwidth eater" is a bit off the mark. The tool is 12MB. On a 128kb ISDN link (does anybody still have any of these?), the tool would take 10 minutes to transfer from an upstream server to a replica server using full bandwidth.

    In reality, though, since WSUS servers and the Windows Update Agent both use BITS to transfer files across available unused bandwidth the fact is that the idea of a "bandwidth eater" is totally non-sequiter with the use of BITS, because BITS prevents the file transfers from impinging upon bandwidth needed for other "foreground" purposes -- like streaming audio or browsing ESPN.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    • Marked as answer by Tim Quan Monday, May 16, 2011 3:43 AM
    Thursday, May 12, 2011 8:53 PM

All replies

  • can anyone tell me how to disable Microsoft malicious software removal tool KB890830 from being downloaded and instaled every mounth via WSUS.

    Don't Approve it?

    The only way the MSRT is being downloaded and installed (automatically?) every month is because you have it configured with an automatic-approval rule (or somebody is actually approving it manually).

    The MSRT is released into the Update Classification "Update Rollups". There is sufficient other conversations in this forum regarding the pros and cons of auto-approving the "Update Rollups" classification. You've just identified another (at least from your perspective) -- personally I think the presence of the MSRT is a great reason for auto-approving "Update Rollups" -- there are, however, more significant reasons for not doing so.

    Another approach, since your motiviation seems to be driven by bandwidth considerations (perphaps because of sites with constrained bandwidth issue), would be to restrict the approvals to only LAN-based target groups. Ergo, if they don't already exist, create WSUS Target Group(s) that contain only machines not on low-bandwidth connections, and approve the MSRT only for that group.

    We already have the antivirus solution implemented and I don't need this bandwidth eater.

    Well, one AV solution should never be considered sufficient, and I think a bit of investigation would find that characterizing that update as a "bandwidth eater" is a bit off the mark. The tool is 12MB. On a 128kb ISDN link (does anybody still have any of these?), the tool would take 10 minutes to transfer from an upstream server to a replica server using full bandwidth.

    In reality, though, since WSUS servers and the Windows Update Agent both use BITS to transfer files across available unused bandwidth the fact is that the idea of a "bandwidth eater" is totally non-sequiter with the use of BITS, because BITS prevents the file transfers from impinging upon bandwidth needed for other "foreground" purposes -- like streaming audio or browsing ESPN.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    • Marked as answer by Tim Quan Monday, May 16, 2011 3:43 AM
    Thursday, May 12, 2011 8:53 PM
  • I understand your take on this, but I respectfully disagree. I maintain nearly 100 PCs and a dozen servers, and I prefer to manually update them because I then get to view the individual systems, "feel" how they're running, and see first hand whether users are following company guidelines. So multiply 12mb times 100, and MSRT is not only eating more than a gig of bandwidth but also the time required for download. (Multiply that 12mb times the millions of MS updates every month, and the figure becomes significant!) Individually unchecking that update on every machine is a chore.

    But more important to me than the bandwidth and download time is the time MSRT takes to run; it adds at least 4 minutes to the update time on each machine. Multiply that by 100, and MSRT is adding serious time. All of this is put into stark relief by the fact that our company uses many layers of commercial anti-virus and anti-spam products that render MSRT superfluous. MSRT has never and will never find anything on my systems. It's an annoyance and giant waste of time. It I would love to find a way to permanently disable it. I assume MS have a registry fix they're not telling us about. I wish they would.

    GaryK


    GaryK

    Sunday, August 19, 2012 7:40 PM
  • I understand your take on this, but I respectfully disagree. I maintain nearly 100 PCs and a dozen servers, and I prefer to manually update them because I then get to view the individual systems, "feel" how they're running, and see first hand whether users are following company guidelines. So multiply 12mb times 100, and MSRT is not only eating more than a gig of bandwidth but also the time required for download. (Multiply that 12mb times the millions of MS updates every month, and the figure becomes significant!) Individually unchecking that update on every machine is a chore.

    But more important to me than the bandwidth and download time is the time MSRT takes to run; it adds at least 4 minutes to the update time on each machine. Multiply that by 100, and MSRT is adding serious time. All of this is put into stark relief by the fact that our company uses many layers of commercial anti-virus and anti-spam products that render MSRT superfluous. MSRT has never and will never find anything on my systems. It's an annoyance and giant waste of time. It I would love to find a way to permanently disable it. I assume MS have a registry fix they're not telling us about. I wish they would.

    I really don't understand the point of your rant, or what it is that you're disagreeing with. But the same advice still applies to you: If you don't want the update then Don't Install It!

    In the case of the original poster -- and the topic of this forum which is WSUS (which you seem to not be using for your 112 systems) -- the question was about how to not install the update using WSUS, and the answer is exactly as stated -- Don't Approve It!


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    Monday, August 20, 2012 8:51 PM
  • Rant?

    GaryK


    GaryK

    Monday, August 20, 2012 10:19 PM
  • I wish to stop this tool which I DON'T want to use but it keeps showing up in the list of updates. EVERY other update I don't want or need I am able to disable but not this nuisance. I have right clicked the listing to stop it showing up but it comes right back every time. I have auto updates disabled COMPLETELY but The malicious tool keeps on popping up, doesn't MS trust users are are we all dum dums?

    One other thing, every so often an update will turn ON the Auto updates even though I have disabled it? MS = Big Brother.. :)

    Tuesday, September 25, 2012 7:23 AM
  • I wish to stop this tool which I DON'T want to use but it keeps showing up in the list of updates.

    If you don't want to use it, then don't,  but you can't stop it from being listed in the WUApp -- unless you quit using the WUApp.

    EVERY other update I don't want or need I am able to disable but not this nuisance.

    I really don't understand this.  First, why you would be getting updates you don't need in the WUApp, or what logic you use to determine you don't WANT update that are displayed in the WUApp, or why you are unable to HIDE the MSRT.

    I have right clicked the listing to stop it showing up but it comes right back every time.

    The MSRT is updated EVERY MONTH!

    One other thing, every so often an update will turn ON the Auto updates even though I have disabled it?

    There is no update, tool, or activity anywhere in the Microsoft landscape that can turn ON or OFF the automatic updates functionality of Windows *except* Group Policy or Local Policy. Is this your *personal* system, or is this a *company* system? Maybe you  haven't actually disabled it? Might depend on what you're doing that makes you think that you are "disabling" the functionality -- the fact that you're using the WUApp means it's probably *you* that's turning it back on!


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    Thursday, September 27, 2012 10:48 PM
  • I wish to stop this tool which I DON'T want to use but it keeps showing up in the list of updates. EVERY other update I don't want or need I am able to disable but not this nuisance. I have right clicked the listing to stop it showing up but it comes right back every time. I have auto updates disabled COMPLETELY but The malicious tool keeps on popping up, doesn't MS trust users are are we all dum dums?

    One other thing, every so often an update will turn ON the Auto updates even though I have disabled it? MS = Big Brother.. :)

    Well if you understand what is WSUS and how to use it then you wouldn't be posting this rant.

    1) When you decline e.g. the September MSRT, then you will see the August MSRT tool shown in Windows Update if you did not decline it, so on and so forth. Just like if there was an Office SP3 shown and you decline it, if you do not have Office SP2 installed it will be shown, so on and so forth

    2) I haven't seen any updates that enable automatic updates. I have seen e.g. Microsoft Security Essentials gives you the option to "enable windows firewall if no firewall is installed" checked by default, so maybe you installed something without reading? Maybe you are using some "system cleaner"  software that deletes all the Windows Update temporary files and settings, and when you go back to Windows Update from a default/clean configuration it is not very clear how to check for updates without enabling automatic forced updates.

    Friday, September 28, 2012 12:40 AM
  • Well if you understand what is WSUS and how to use it then you wouldn't be posting this rant.

    I think the poster is not even using WSUS. :-//

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    Friday, September 28, 2012 1:36 AM
  • Why is  Lawrence Garvin so unhelpful to a user seeking a genuine solution? If here were a rep in a shop or on the phone then he'd certainly get a mouthful from me! Disrespectful and arrogant towards the customer, it's pretty bad Mr Garvin. We know you may be smart, but no need to communicate in this condescending manner!

    Perhaps the answer to the problem may possibly be as easy as right clicking on the update to hide it to stop it coming up every few days, that's what I do, but then I only have a few PCs to worry about not 100+ like gkarasik ? But it is definitely a genuine issue / annoyance that needs addressing, not mocking by Larry and others.

    In situations where users have several layers of security already, then they should be allowed to choose to not have this tool running every month. I certainly have no use for it and would appreciate to turn it off completely. Otherwise, those with a suspicious mind might think that MS is scanning and reporting all their files to those agencies behind the "Patriot Act" each month!  :)




    • Edited by Cavehomme3 Saturday, February 16, 2013 7:36 PM
    Saturday, February 16, 2013 7:33 PM
  • Gary, do you know what a "tosser" is - because that's what some of these MVPs are. Relax, you can find your answers elsewhere rather than here. Good luck!
    Saturday, February 16, 2013 7:38 PM
  • Thanks. MS forums seem to attract types like Garvin who identify with MS and take it personally (and respond defensively) if they deem someone to be critical. It's an indication of deep-seated psychological problems and ought not to be taken seriously.

    You mention that the answer "might be as easy as right-icking on the update to hide it to stop it coming up every few days." This works, but only for that particular instance of MSRT. The following month there will be another that too must be disabled. In order to be able to disable an update, one must select "Custom" instead of "Express" on the update page. When one is manually updating a hundred or so clients, this adds appreciably to the time required. (Of course it does add less time then allowing the MSRT to download and run.)

    A registry patch might solve this if one only knew the proper syntax.

    In any case, I appreciate your thoughtful response.

    GaryK

     


    GaryK

    Saturday, February 16, 2013 8:52 PM
  • This Lawrence Garvin JERK is one of the main reasons we don't like dealing with the likes of SolarWinds.  First of all, I'd be embarrassed to have SEVEN listed credentials behind my name on a signature block.  That, in itself, indicates some type of deep seeded insecurity and/or inferiority complex plagues Mr. Garvin. 

    Second, while I somewhat agree that the person who posted the question is kind of going in circles, I also understand that perhaps he doesn't speak english well; maybe he isn't as EDUCATED as MR GARVIN of SOLARWINDS; who knows the reason for his responses except maybe, just maybe it is partly the Moderator's smart mouthed responses that have CONFUSED Andreas instead of helping him!  

    People come here for answers ... some people are totally ignorant (and, quite frankly, stupid).  That doesn't mean they need to be treated that way nor does it mean they are any less deserving of a legitimate answer as the obviously very highly educated Lawrence.  So either help someone out or don't say anything at all.  Garvin could have respectfully replied to this legitimate question using much less effort by sticking to the question and keeping his opinions to himself versus constantly being a pompous jackass.  If anyone is ranting, it's Lawrence.  OK, maybe both of them.  But, still, I expect more out of a moderator.

    I don't know who you are, Mr. Lawrence Garvin, M.S., MCITP:EA, MCDBA, MSCA, Product Manager, Solar Winds, Microsoft MVP - Software Distribution (2005-2012), but I do know you come off as a self righteous jerk and you represent your employer in extremely bad taste.  Not only that, if you are still a moderator on any of Microsoft's forums, I think it is time they reevaluate your effectiveness because you accomplished nothing here except:

    1. Show what a jerk and stuck-up snob you are.
    2. Make SolarWinds look bad since they hired a person like you.
    3. Brought down the quality of Microsoft's forums.
    4. Attempted to show everyone how smart you are.

    Just remember, you may be brilliant at some things - but, I guarantee you that there are some things you're an idiot at.  We all are.  So, when you're in some circumstance where you have no idea how to do something and desperately need help, I hope someone treats you the same way you treated Andreas.  Then, perhaps you'll learn the importance of giving a helping hand versus helping yourself - because at the end of it all, I could care less how many titles come after your name or how many points you have on some forum.  To the vast majority of people, your character is the most important thing of all...so, as far as I'm concerned I would rather get help from someone with no special titles and zero points than to get an arrogant jerk like you chiding me because you feel entitled to do so.

    There's my rant.  Deal with it.


    Tuesday, June 23, 2015 3:29 AM
  • Thanks. I do know what a tosser is. I appreciate the support and the optimism. The answer is nowhere to be found. I simply have to take the time to disable the MSRT on each machine each month. Unfortunately, this is the direction MS is moving. Windows 10 will provide no ability to disable security updates.

    As to Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds, Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin, well, hell. What is there to say?

    GaryK


    GaryK


    • Edited by gkarasik Tuesday, June 23, 2015 7:07 PM redundancy
    Tuesday, June 23, 2015 11:43 AM
  • Thanks. I do know what a tosser is. I appreciate the support and the optimism. The answer is nowhere to be found. I simply have to take the time to disable the MSRT on each machine each month. Unfortunately, this is the direction MS is moving. Windows 10 will give provide no ability to disable security updates.

    As to Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds, Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin, well, hell. What is there to say?

    GaryK


    GaryK

    I think that link may be broken, try this one below. I hope he received some customer service training, but maybe he was just going through a bad phase and now he's back on the straight road. Anyway, we are all here to try and help each other.

    https://social.technet.microsoft.com/Profile/lawrence%20garvin

    Interesting but disappointing point you make about Windows 10. I'm seriously reflecting my future and MS products, been using them since the days of MS-DOS and have always supported them, but there are still some seriously things adrift with their direction on the OS. Windows 10 still does not address some fundamental GUI issues post-Windows 7 for desktop and large screen (non-touch) users. Seems I'll be staying with Win 7 until at least 2020 and each month trying to ignore the MSRT!

    Tuesday, June 23, 2015 4:12 PM
  • I reached the same conclusion: Will not update to v10 if I can't test, then if need be disable, individual security updates. I can understand MS wanting to make them mandatory for typical end-users, but for those of us who are professionals and who provide support, there needs to be an accommodation. It's us who get the anguished calls when a security update breaks the internet or worse blue-screens a hundred workstations. Perhaps, after the launch there'll be enough of an outcry, and they'll fix this in v10.1. After all, they put the Start button back in 8.1 after enough people complained (and sneered).

    GaryK


    GaryK

    Tuesday, June 23, 2015 7:15 PM
  • My problem is it may be interfering with an anti-cheating program for games which is causing me to be disconnected from the server.

    btw isn't the MSRT running real time? If it is then it could be causing my problem.

    I like having it installed but it would be nice to be able to turn it on and off.


    • Edited by dannyquartz Saturday, December 12, 2015 2:36 AM
    Saturday, December 12, 2015 2:28 AM
  • Can you please tell me how you disable MSRT on the machine ?

    Friday, June 10, 2016 3:05 PM
  • And in the end, the question remains unanswered. People get so full of themselves, nobody has the time for that. I'll look elsewhere.
    Thursday, November 17, 2016 2:34 PM
  • https://forum.eset.com/topic/9838-how-to-disable-microsoft-malicious-software-removal-tool/

    here's the solution. 
    • Proposed as answer by CarlUp Thursday, November 24, 2016 7:56 AM
    Thursday, November 24, 2016 7:56 AM
  • Finally!

    Thanks very much, CarlUp!

    Take that, Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin


    GaryK

    Thursday, November 24, 2016 4:05 PM
  • Easier to post it here.

    I can't believe it took so long to answer a very simple question!

    Import this reg file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
    "DontOfferThroughWUAU"=dword:00000001

    Sunday, December 17, 2017 3:29 AM